CVE-2011-3979

Sažetak

Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.

Reference

http://community.zikula.org/index.php?module=News&func=display&sid=3075
http://osvdb.org/75226
http://secunia.com/advisories/45884
http://securityreason.com/securityalert/8409
http://www.securityfocus.com/archive/1/519565/100/0/threaded
http://www.securityfocus.com/bid/49491
https://exchange.xforce.ibmcloud.com/vulnerabilities/69644
https://www.htbridge.ch/advisory/xss_in_zikula.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

09-10-2018 - 19:33

Objavljeno

04-10-2011 - 10:55